EmbedAI Improper Access Control Vulnerability Allowing Database Backup Retrieval
Vulnerability
A vulnerability allowing improper access control has been identified in EmbedAI versions through 2.1. This issue enables authenticated attackers to access database backups by requesting the '/embedai/app/uploads/database/<SQL_FILE>' endpoint.
Impact
Exploitation of this vulnerability allows authenticated attackers to download database backup files, which may contain sensitive information.
Remediation
Users can upgrade to EmbedAI version 2.1 or later to address this vulnerability.
Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM
Vulnerability Rating
Custom Algorithm
spread
0.0impact
2.5exploitability
5.2remediation
7.7relevance
0.0threat
0.0urgency
2.9incentive
1.7Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.